Will Munny

This appears to have changed in the latest version. There now appears to be only one place to make the edit. The 'PT30M'. Is this a safe edit, are there any gotchas I may have missed?. . . /applications/core/widgets. . . /* Do we have permission? */ if ( !\IPS\Member::loggedIn()->canAccessModule( \IPS\Application\Module::get( 'core', 'online' ) ) ) { return ""; } $where = array( array( 'core_sessions.running_time>' . \IPS\DateTime::create()->sub( new \DateInterval( 'PT30M' ) )->getTimeStamp() ), array( 'core_groups.g_hide_online_list=0' ) );

Is this the session.gc_maxlifetime setting?

​System --> Applications --> System --> Online User List

Thanks. That gave me a white screen unfortunately. However, I've now realised there's a group permissions setting in ACP to hide the online users from specific groups altogether.

Yes you're right, thanks for the pointer. There were two references to the 30 minute limit in that file you mentioned and changing them both (one for members, one for guests) appears to work. . . /* Get Members */ $members = iterator_to_array( \IPS\Db::i()->select( array( 'member_id', 'member_name', 'seo_name', 'member_group' ), 'core_sessions', array( array( 'login_type=' . \IPS\Session\Front::LOGIN_TYPE_MEMBER ), array( 'running_time>' . \IPS\DateTime::create()->sub( new \DateInterval( 'PT90M' ) )->getTimeStamp() ) ), 'running_time DESC', $this->orientation === 'horizontal' ? NULL : 60 )->setKeyField( 'member_id' ) ); /* Get guests count */ $memberCount = 0; $guests = 0; $anonymous = 0; if ( $this->orientation === 'horizontal' ) { foreach ( \IPS\Db::i()->select( 'login_type, COUNT(*) AS count', 'core_sessions', array( 'running_time>' . \IPS\DateTime::create()->sub( new \DateInterval( 'PT90M' ) )->getTimeStamp() ), NULL, NULL, 'login_type' ) as $row )Safe??? Also, There appears to be no setting to make this box only available to members. Do you have any advice for me on how to hide it from guests?

Actually it seems you also have to edit the following line to make it work. . . $table->limit = 30;That also makes the online users page much bigger or smaller though (depending on which way you edit the limit). I actually prefer to see bigges online users pages. Any devs got some input for this?

I think I figured this out myself. In /applications/core/modules/front/online. . . /* Initial filters */ $where = array( array( "core_sessions.running_time>?", \IPS\DateTime::create()->sub( new \DateInterval( 'PT30M' ) )->getTimeStamp() ),If I change the 'PT30M' to something like 'PT15M' or 'PT90M', it appears to work. Is this a safe edit?

Is this a file edit? I'm happy to edit a file to make this happen. . .

How do I change this? It appears to be set at 30 minutes. How to adjust this? I can't see anything in ACP.

I hope there'll be a skin changes instructional. This will be the first time I'll try that updating method. I had a server HDD failure this week that cost me a whole lot of time to rebuild my system to spec (plus 10 hours forum downtime. Last thing I need is an IPB upgrade :D

If you want to test whether or not your server is outputting gzipped content properly, there are online tools a'plenty... try this one: http://www.whatsmyip.org/http_compression/

Yes. You won't break anything by leaving it switched on in ACP, but with Deflate active in Apache, EVERYTHING served up from your server is gzipped already, regardless of the settings in ACP.

Well, I'm assuming you want to get your server tuned up in general... and that includes rock solid security to keep out unwanted spiders and scrapers, which hog resources, sometimes badly. If you've just got yourself an UNMANAGED server, PHP will be set to all it's default values i.e. wide open to attack, back door placements, this that and the other... you need to close up the cracks immediately. Apache/Linux comes with it's own firewall built in and configserver's plugin is a nice addition to your server as a graphical interface and automated system to detect attacks and block them. It also downloads things like the Spamhaus lists so it's up to date on the latest threats. You can just set it up and forget it... I went online with my server without the firewall switched on to see what would happen. Thousands of bots online, all of them bad bots. Getting your firewall set up nicely is key to saving your resources for those that deserve it i.e. your real human visitors. As I alluded to above, at this time I'm more concerned that you're running a default PHP set up... do some Googling for 'Harden PHP' and you'll see lots of advice and tutorials. Look at it like this: Put the plug in the plug hole before filling the bath with water.

What measures have you taken to harden up your PHP?

If you're running cPanel, you could do a lot worse than installing the configserver plugin to manage your firewall. Although their install services are available for a fee, it's actually free software and if you're confident enough, you can install it and set it up on your own... http://www.configserver.com/cp/csf.html ... advice given humbly with no sense of superiority :blink: